Fortinet Confirms Active Exploitation of Critical Vulnerability in Firewall and Proxy Products On Monday, Fortinet disclosed a critical security vulnerability affecting its firewall and proxy offerings, warning that the flaw is currently being exploited in the wild. This vulnerability, tracked as CVE-2022-40684 and rated with a CVSS score of 9.6,…
A recently patched vulnerability in VMware Workspace ONE Access has been leveraged to distribute both cryptocurrency mining malware and ransomware across affected systems. This information comes from Fortinet’s FortiGuard Labs, where researcher Cara Lin highlighted that the attackers aim to exploit victims’ resources extensively. The goal appears to involve not…
The past week underscored a critical evolution in cyber threats, illustrating that attackers no longer require large-scale hacks to unleash significant damage. Instead, they are targeting essential tools that organizations rely on, including firewalls, browser extensions, and even smart devices. These seemingly minor vulnerabilities can become gateways to severe breaches.…
Emerging Cyber Threats: A Week in Review In the swiftly evolving landscape of cybersecurity, the distinctions between routine updates and significant breaches are increasingly blurred. Systems that once appeared secure are now subject to relentless challenges posed by new artificial intelligence tools, interconnected devices, and intricate automated systems. These innovations…
Cybersecurity Update: AI-Powered Attack on Fortinet Firewalls and Other Breaches In a recent development in the cybersecurity landscape, a financially motivated threat actor, reportedly Russian-speaking, has leveraged commercial AI toolkits to compromise over 600 Fortinet firewalls. This operation was first identified by the AWS security team, indicating that the activity…
Fortinet Releases Critical Security Patches for SSL-VPN Vulnerability On Monday, Fortinet announced the release of emergency patches responding to a significant security vulnerability discovered in its FortiOS SSL-VPN product. This vulnerability is currently experiencing active exploitation in the wild, emphasizing the urgency for organizations to apply the updates promptly. The…
On Tuesday, the U.S. National Security Agency (NSA) issued a warning regarding a cyber threat from a group known as APT5, or Bronze Fleetwood, which has been actively exploiting a zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Gateway systems. This security flaw, cataloged as CVE-2022-27518, represents a critical…
Fortinet has identified a critical vulnerability impacting its FortiADC application delivery controller that has the potential for arbitrary code execution. This flaw, categorized as CVE-2022-39947 with a CVSS score of 8.6, affects several FortiADC versions, including 7.0.0 to 7.0.2, 6.2.0 to 6.2.3, and several earlier versions down to 5.4.0. According…
Exploitation of FortiOS SSL-VPN Zero-Day Vulnerability Targets Government Entities A critical zero-day vulnerability in FortiOS SSL-VPN was exploited by unknown threat actors in recent attacks, targeting governmental and other large organizations, as reported by Fortinet. This vulnerability, identified as CVE-2022-42475, is a heap-based buffer overflow flaw that permits unauthenticated remote…
